Using Get-WinEvent to Retrieve Events within a Specific Time Period
Does anyone know if it is possible to define a time range when using Get-WinEvent in PowerShell? It appears to work when specifying StartTime, but encounters issues when setting both StartTime and EndTime.
Working example:
“`powershell
Get-WinEvent -FilterHashTable @{‘LogName’ = ‘Application’; ‘StartTime’ = Get-Date “November 26, 2023 14:00:00”; }
“`
Encountering issues:
“`powershell
Get-WinEvent -FilterHashTable @{‘LogName’ = ‘Application’; ‘StartTime’ = Get-Date “November 26, 2023 14:00:00”; ‘EndTime’ = Get-Date “November 26, 2023 14:01:00”}
Get-WinEvent : No events were found that match the specified selection criteria.
At line:1 char:1
+ Get-WinEvent -FilterHashTable @{LogName=’Application’;StartTime=’01/0 …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand
“`
Does anyone know if it is possible to define a time range when using Get-WinEvent in PowerShell? It appears to work when specifying StartTime, but encounters issues when setting both StartTime and EndTime. Working example:“`powershellGet-WinEvent -FilterHashTable @{‘LogName’ = ‘Application’; ‘StartTime’ = Get-Date “November 26, 2023 14:00:00”; }“` Encountering issues:“`powershellGet-WinEvent -FilterHashTable @{‘LogName’ = ‘Application’; ‘StartTime’ = Get-Date “November 26, 2023 14:00:00”; ‘EndTime’ = Get-Date “November 26, 2023 14:01:00”}Get-WinEvent : No events were found that match the specified selection criteria.At line:1 char:1+ Get-WinEvent -FilterHashTable @{LogName=’Application’;StartTime=’01/0 …+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception+ FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand“` Read More
